Ticket #632 (closed 改善提案: 修正済)

Opened 11 years ago

Last modified 10 years ago

XSS対策

Reported by: Seasoft Owned by: nanasess
Priority: Milestone: EC-CUBE2.11.0
Component: その他 Version: コミュニティ (eccube-comu)
Keywords: Cc: kotani
修正済み:

Description (last modified by Seasoft) (diff)

主にエスケープ漏れの対応。

  • 数値のみしか入らないと想定される Smarty 変数も、記述を揃える意味でエスケープする。

r17499 r18328

Change History

comment:1 Changed 10 years ago by Seasoft

  • Description modified (diff)

comment:2 Changed 10 years ago by nanasess

  • Owner changed from somebody to nanasess
  • Status changed from new to assigned

comment:3 Changed 10 years ago by nanasess

  • Cc kotani added
  • Status changed from assigned to closed
  • Resolution set to 修正済

エスケープ漏れ精査しましたので close します

Note: See TracTickets for help on using tickets.